Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.13 09:11
Mishing: The Rising Mo...
11.13 09:11
Europe’s Tech Startups...
11.13 09:11
NASA Announces New Tri...
11.13 09:11
Microsoft’s Gaming Chi...
11.13 09:11
Amazon Makes it Harder...
11.13 09:11
Brain Implant Startups...
11.13 09:11
Comprehensive Guide to...
11.13 08:11
Major Cyber Attacks in...
11.13 08:11
Tesla’s Meme-Like Stoc...
11.13 08:11
HawkEye Malware: Techn...

Dropped Files | ZeroBOX

Name	873fa0c52eae7cfb_nsdialogs.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuEE77.tmp\nsDialogs.dll
Size	9.5KB
Processes	2544 (winiti.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`19d3373e403a6e724cfa1563dfd1f463`
SHA1	`4917547b355a91e9431879209f56925097bf4fb3`
SHA256	`873fa0c52eae7cfbed56ea18b21fad0ca8f018ab7f305bd1db1a3ec454e353d1`
CRC32	`B8574EA1`
ssdeep	`96:oXF7lf7AR1VhrfzBik0cxM2DjDf3GEkniJnifvcx4I8qndYv0PLE:oXFl7wrLBn0REc0Jx3dO0PLE`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	ea357959967cdf14_afhandlings121.udr Submit file
Filepath	C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Mechanicals\Undladelsessynderne\Afhandlings121.udr
Size	2.5KB
Processes	2544 (winiti.exe)
Type	data
MD5	`c0adfada457f48706e5a693240fc5e4a`
SHA1	`42e1b10dd41f127fe7fcd69b82cf4eb6b162fb01`
SHA256	`ea357959967cdf14e7bbaff55e6de85073e8350e326c60600e460de11630772b`
CRC32	`4BBA9AFA`
ssdeep	`48:arR+VcRA8h/S/oI2enEUwzA8RkVG70q+qJQcgY:S+ojI2eEUw/RkuSRDY`
Yara	None matched
VirusTotal	Search for analysis

Name	6674960a8b7573fa_hovedlinie.red Submit file
Filepath	C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Mechanicals\Undladelsessynderne\Hovedlinie.red
Size	5.9KB
Processes	2544 (winiti.exe)
Type	data
MD5	`143f20a74d859c425cd89d364c425948`
SHA1	`d1868c3017d6b499c83f7d6f16e6c8b18d906016`
SHA256	`6674960a8b7573facbf38043c2e675b05b612f8dc4f15f4eaecb5efdfc895db0`
CRC32	`8B3E3CA1`
ssdeep	`96:/KHhKUBlv+d2LlKTR/62QOcBERreHfGi+qV9GgdrxBnZnBAax:SBHBlXLlKTR+ERSHfGz2xBnDAax`
Yara	None matched
VirusTotal	Search for analysis

Name	149901a825337e3d_disciplineringerne.dmo Submit file
Filepath	C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Mechanicals\Undladelsessynderne\disciplineringerne.dmo
Size	4.9KB
Processes	2544 (winiti.exe)
Type	data
MD5	`1e59f086db796975a832f72facfa9c43`
SHA1	`d263b74a607c77dd388d158916b0e840f932aa4c`
SHA256	`149901a825337e3ddfdf75245838bd6d6ba2e0ce8213c215d56ab10fde045c59`
CRC32	`1F24ECF3`
ssdeep	`96:lFdCfbkCDUnqOGvSX8VfuJ14wHay8foH985f63jGjo7T:3dqvSXEGx8wq5iQ2T`
Yara	None matched
VirusTotal	Search for analysis

Name	95042dbe7428461e_bgimage.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuEE77.tmp\BgImage.dll
Size	7.5KB
Processes	2544 (winiti.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`49998d066af103d06b56f5b4c76b1497`
SHA1	`b7dce166147f40dfa17f5ca950c4e324a10d04be`
SHA256	`95042dbe7428461ee7fd210acf37040eb921012c7b32f66cb54766f0a16bb5b6`
CRC32	`0C2902F6`
ssdeep	`96:8eQMA6z4f7TI20Y1wircawlkX1b3+LDfbAJ8uLzqkDnLiEQjJ3KxkP:tChfHv08wocw3+e8uLmiLpmP`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	780220a478175632_humanlike.unl Submit file
Filepath	C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Mechanicals\Humanlike.Unl
Size	340.2KB
Processes	2544 (winiti.exe)
Type	data
MD5	`cea65086105f7e76b5e6f756040107b9`
SHA1	`92b4acf54fcbf5bc8831e7d5d84c62ee7375649d`
SHA256	`780220a478175632fcf0cde627c022ba5b131b684bf9c4c4ba8943008e84d79b`
CRC32	`6780CD1C`
ssdeep	`6144:r0tdG5HcQ2Cn8vHOwbzSGj1/pXX+HpDBcOeJ5QGOImvTEu/:r0W8DHOwD1xXOHp5eBzu/`
Yara	None matched
VirusTotal	Search for analysis

Name	1161bc0d605f9b06_sgnehelligdags.sto Submit file
Filepath	C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Mechanicals\Undladelsessynderne\sgnehelligdags.sto
Size	3.2KB
Processes	2544 (winiti.exe)
Type	data
MD5	`0d8001a0d7d7d145b5cb7b8b8be55d0d`
SHA1	`2df3e5e7b0d64330d4ba8b1052c91cb61c36ac0b`
SHA256	`1161bc0d605f9b06ae54ce57545c4e50c701523b568aa8723f84278eb2013c17`
CRC32	`6D40B0AF`
ssdeep	`48:pkonMHYwbnjlQUB/arqSA4wllpuxb8ADgPoDdTkk9qTb4/mZGFyLuLYSKGDOPqHS:eonUDL6qSdxb8Acwkiqcbk6LzCqMIg`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nspED6D.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nspED6D.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	33fa7e801769a378_funnelled.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Mechanicals\Undladelsessynderne\Funnelled.txt
Size	391.0B
Processes	2544 (winiti.exe)
Type	ASCII text, with CRLF line terminators
MD5	`a94b78eb0be8070f2eae579b0eeb86e0`
SHA1	`bb5c0f613d60ce8866e8cc82e0e370b08a9bbfe5`
SHA256	`33fa7e801769a378fadf9b88fef4494aacbf802ea8ee732965382008115df91b`
CRC32	`02A4C322`
ssdeep	`6:l/uH+JrmhWlRMdNz1tXBf4aFR3Yi/taEAcjN7Cfs4jLDfdEquXM3ETuZvDCUVBnm:PrmhW8dl2+RAcjRCk4LDl+MlZveUHQV`
Yara	None matched
VirusTotal	Search for analysis

Name	b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2656 (powershell.exe)
Type	data
MD5	`81ca4510272caf505e8091e9a28cb716`
SHA1	`71414aeec9f1e4a6f5a461b01700cc9cc992cd9e`
SHA256	`b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf`
CRC32	`FC31E90F`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	8a071dca22deb48c_jordbrugsdrifternes.inv Submit file
Filepath	C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Mechanicals\jordbrugsdrifternes.Inv
Size	67.7KB
Processes	2544 (winiti.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`5e470a44c0a146de2671222b7f822c29`
SHA1	`3d53b38a3d3c8d779eb6fd86b0d1ae34c3bcf804`
SHA256	`8a071dca22deb48c312a6b4f888af96334e2a514a837a19e36856087a7e55d21`
CRC32	`E5201BFA`
ssdeep	`1536:+3iwS7rjcq/uoNdjEgKTEUVtpreD+Rhvy21sTibJtI4rEjEeTk32auu:+3iwS73cICxwI8Dks2tqVYluu`
Yara	None matched
VirusTotal	Search for analysis

Name	bcb93204bd1854d0_nsexec.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuEE77.tmp\nsExec.dll
Size	6.5KB
Processes	2544 (winiti.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`6c881f00ba860b17821d8813aa34dbc6`
SHA1	`0e5a1e09b1ce1bc758d6977b913a8d9ccbe52a13`
SHA256	`bcb93204bd1854d0c34fa30883bab51f6813ab32abf7fb7d4aeed21d71f6af87`
CRC32	`191C2880`
ssdeep	`96:DOBtYZKtPsrqBApt1JHpb9XWk7Qe06iE6mE6YNFyVOHd0+ugwEX:DtZKtrAJJJbP7iEHEbN8Ved0PM`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	836eb26b0e28d9fa_premeasure.bob Submit file
Filepath	C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Mechanicals\Undladelsessynderne\Premeasure.bob
Size	7.2KB
Processes	2544 (winiti.exe)
Type	data
MD5	`dcfcae752d9099a0e6ecb283ef6d7202`
SHA1	`0232ac9127c013d03d60a1367ec793097c51c8fc`
SHA256	`836eb26b0e28d9fa8dab6ee31c79dd276c17ae970375ee962868b791c0f6600d`
CRC32	`D6FE029B`
ssdeep	`192:G0415MdF5vDhMelHcXyjPYfSTPMyc07obKq9nEgi0WvHE:h41q1LjtIyc07cR9E+WvHE`
Yara	None matched
VirusTotal	Search for analysis

Name	56e6165a2b5396aa_frasiger.ini Submit file
Filepath	C:\Windows\Fonts\frasiger.ini
Size	37.0B
Processes	2544 (winiti.exe)
Type	ASCII text, with CRLF line terminators
MD5	`2cb260c5458355e994a5f9598bcc1f24`
SHA1	`7222512306bf86f49868e5bd9b51bbedd950e6e5`
SHA256	`56e6165a2b5396aa43e06e8ebc3bf96ceecc0186577758a20a978c51e19b4e20`
CRC32	`14FC9BCE`
ssdeep	`3:aAVvJDAyS3Nv:aAFKdv`
Yara	None matched
VirusTotal	Search for analysis

Name	957608d4fdf7a422_astonied.ini Submit file
Filepath	C:\Program Files (x86)\astonied.ini
Size	40.0B
Processes	2544 (winiti.exe)
Type	ASCII text, with CRLF line terminators
MD5	`05c70eab829786b13f4250010970e93e`
SHA1	`1f3e904027d380cb6fce257deb4bbe28626296dd`
SHA256	`957608d4fdf7a422674dc07bd33d9b698b1009e664de3a54f848d40dde234244`
CRC32	`5B15AA97`
ssdeep	`3:pUiNGxLSv:6GGVSv`
Yara	None matched
VirusTotal	Search for analysis